
5.1 © 2004 Pearson Education, Inc. Exam 70-297 Designing a Microsoft® Windows® Server 2003 Active Directory and Network Infrastructure
Lesson 5: Planning Network Services

Goals

- Design the DHCP infrastructure
- Design the remote access infrastructure
- Design remote access policies

5.2 Designing the DHCP Infrastructure (Skill 1)

- Dynamic Host Configuration Protocol (DHCP)
  - A simple, but critical, service
- Functionality
  - Provides IP addressing information to client computers
  - Records the addresses leased
  - Can also be configured to notify DNS of address leases to update and maintain a Dynamic DNS (DDNS) zone

5.3 Designing the DHCP Infrastructure (4) (Skill 1)

- Number of subnets supported in the design
  - Helps determine how many scopes are required
  - Identifies how many addresses will be provided via DHCP
  - Indicates how many superscopes are required
  - Identifies the exclusions and reservations that will be required

5.4 Designing the DHCP Infrastructure (5) (Skill 1)

- RFC 1542 compliance in routers
  - To be RFC 1542-compliant, routers themselves must be capable of acting as Bootstrap Protocol (BOOTP) relay agents
  - Determines whether you require any DHCP relay agents to create a centralized DHCP design
- Number of scopes required
  - Typically determined once you examine the subnet model

5.5 Designing the DHCP Infrastructure (6) (Skill 1)

- Number of superscopes required
  - A superscope is a way of combining more than one non-contiguous IP address range into a single scope
  - Superscopes are only required when you need multiple non-contiguous subnets to be leased to a single physical subnet

5.6 Designing the DHCP Infrastructure (7) (Skill 1)

- Reservations and exclusions
  - Reservations are typically used when you do not want to manually configure each client, but you want a specific group of clients to always have the same IP address
  - Exclusions are addresses that will never be handed out by the DHCP server

5.7 Designing the DHCP Infrastructure (8) (Skill 1)

- Presence of other DHCP servers/Active Directory integration
  - Active Directory server authorization
    - Windows Server 2003 and Windows 2000 Server require DHCP servers to be authorized in Active Directory before starting, which is a mechanism to disable rogue DHCP servers
    - Windows NT, Unix, and NetWare DHCP servers, as well as client systems with Internet Connection Sharing enabled, do not have this feature
    - It is important to know where the other devices on the network that may potentially function as a DHCP server are, and to make sure that they are not configured to offer IP addresses
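Because the servers listed above never check Active Directory authorization, finding them means watching DHCP replies on the wire. The following is an added example, not part of the course material: it parses a raw DHCP payload and flags OFFER/ACK replies whose server identifier (option 54) is not on an allowlist. The allowlist addresses, function names and sample packets are constructed.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
# Constructed allowlist: the two DHCP servers the design authorizes.
AUTHORIZED_SERVERS = {"10.0.0.5", "10.0.0.6"}

def parse_options(payload: bytes) -> dict:
    """Return {option_code: value} from a raw BOOTP/DHCP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    options, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                          # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        options[code] = value
        i += 2 + length
    return options

def check_reply(payload: bytes, authorized=AUTHORIZED_SERVERS):
    """Return a finding for a server reply from an unlisted server, else None."""
    options = parse_options(payload)
    msg_type = options.get(53, b"")                  # 53 = DHCP message type
    if payload[0] != 2 or msg_type not in (b"\x02", b"\x05"):
        return None                                  # not a BOOTREPLY OFFER/ACK
    server_id = options.get(54, b"")                 # 54 = server identifier
    if len(server_id) != 4:
        return "server reply without a valid server identifier"
    server = str(ipaddress.IPv4Address(server_id))
    if server in authorized:
        return None
    offered = ipaddress.IPv4Address(payload[16:20])  # yiaddr field
    return f"unauthorized DHCP server {server} offered {offered}"

def build_reply(msg_type: int, server: str, offered: str) -> bytes:
    """Constructed sample: minimal BOOTREPLY carrying options 53 and 54."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                        bytes(4), ipaddress.IPv4Address(offered).packed,
                        bytes(4), bytes(4), bytes(16), bytes(64), bytes(128))
    opts = bytes([53, 1, msg_type, 54, 4]) + ipaddress.IPv4Address(server).packed
    return fixed + MAGIC_COOKIE + opts + b"\xff"
```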

5.8 Designing the DHCP Infrastructure (9) (Skill 1)

- Redundancy requirements
  - Generally want at least two DHCP servers hosting each scope
  - Servers do not have to be solely dedicated to DHCP
  - DHCP can be installed on file servers, print servers, and even domain controllers

5.9 Designing the DHCP Infrastructure (10) (Skill 1)

- Two basic types of DHCP infrastructure designs
  - Centralized
  - Decentralized

5.10 Designing the DHCP Infrastructure (11) (Skill 1)

- Centralized design
  - Place two or more DHCP servers in a central hub location and enable BOOTP forwarding on routers for remote DHCP-enabled subnets
  - Typically easier to administer and less costly
  - May make meeting redundancy requirements difficult

5.11 Designing the DHCP Infrastructure (12) (Skill 1)

- Decentralized design
  - Place a DHCP server on each DHCP-enabled subnet, with a backup copy of each different scope on an adjacent server
  - Requires more administrative resources
  - Requires more server resources
  - Makes achieving redundancy much easier

5.12 Figure 5-4: Reservations and exclusions (Skill 1)

5.13 Figure 5-5: Decentralized DHCP model (Skill 1)

5.14 Figure 5-6: Centralized DHCP model (Skill 1)

5.15 Designing the Remote Access Infrastructure (Skill 2)

- Remote access infrastructure design considerations
  - Type of remote access (dial-up or VPN) required
  - How many concurrent users must be supported
  - Availability requirements

5.16 Designing the Remote Access Infrastructure (2) (Skill 2)

- Type of remote access (dial-up or VPN) required
  - Determines the physical considerations of the design
  - Dial-up (POTS or ISDN) must ensure there are enough incoming lines
  - VPN
    - Ensure you have adequate Internet bandwidth
    - Ensure the encryption load can be supported

5.17 Designing the Remote Access Infrastructure (3) (Skill 2)

- Availability requirements
  - Determines the number of RAS servers required
  - Determines the configuration of RAS servers
  - If using VPNs, can use network load balancing (NLB) for maximal availability
  - If using dial-up, specialized hardware to distribute connections is typically required

5.18 Designing the Remote Access Infrastructure (4) (Skill 2)

- Hardware requirements
  - RAS is a fairly low-impact service
  - Network connectivity for RAS server is biggest consideration
  - When using VPNs, make sure server’s processing capability can support the encryption requirements of the connections

5.19 Designing the Remote Access Infrastructure (5) (Skill 2)

- Server placement
  - Place RAS server and RAS connectivity as near as possible to the network resources that remote users will most commonly access
  - Placement of servers vis-à-vis the firewall is very important

5.20 Designing the Remote Access Infrastructure (6) (Skill 2)

- Authentication, authorization, and accounting (AAA)
  - RADIUS is generally a better choice than Windows Accounting
  - Provides centralization of remote access policies and accounting information

5.21 Designing the Remote Access Infrastructure (7) (Skill 2)

- Auditing and logging options
  - Enable Internet Authentication Service (IAS) logging to keep a running list of connections made to RAS server
  - Enable logging of accounting and authentication requests
  - Audit successful and failed account logon events

5.22 Figure 5-10: Placement of a VPN server (Skill 2)

5.23 Designing Remote Access Policies (2) (Skill 3)

- Remote access policy conditions
  - Used to match a specific policy to a given user
- Available condition components
  - Authentication-Type: Matches users based on the type of authentication protocol they are using
  - Called-Station-ID: Matches users based on the phone number they dialed
  - Calling-Station-ID: Matches users based on the phone number from which they are calling

5.24 Designing Remote Access Policies (3) (Skill 3)

- Available condition components
  - Client-Friendly-Name: Defines the friendly name of the RADIUS client that is requesting use of the RADIUS server
  - Client-IP-Address: Matches the IP address of RADIUS client that is requesting access
  - Client-Vendor: Matches the vendor of the RADIUS client
  - Day-and-Time-Restrictions: Matches the user based on the day and time they attempt to connect

5.25 Designing Remote Access Policies (6) (Skill 3)

- Remote access policy permissions
  - Used to control access
  - Set to allow or deny access
- Remote access policy profile
  - Used to restrict which remote access settings are supported
  - Settings are defined in the Edit Dial-in Profile dialog box

5.26 Designing Remote Access Policies (7) (Skill 3)

- Tabs in the Edit Dial-in Profile dialog box
  - Dial-in Constraints tab: Used to define any needed restrictions for the dial-in properties of the policy
  - IP tab: Used to define the IP properties associated with the connections to which this profile applies
  - Multilink tab: Used to define the setting applied to multilink connections for this policy

5.27 Designing Remote Access Policies (8) (Skill 3)

- Tabs in the Edit Dial-in Profile dialog box
  - Authentication tab: Used to define the authentication methods allowed by this policy
  - Encryption tab: Used to define MPPE encryption levels for the connection
  - Advanced tab: Used to define special settings to be returned from RADIUS servers to RADIUS clients
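How the three components on these slides (conditions, permission, profile) combine for one connection attempt, as an added example that is not part of the course material. It assumes a simplified model: policies are evaluated in order with the first match deciding, an attempt that matches no policy is rejected, and per-user dial-in settings are ignored. The policy names, addresses and profile keys are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Policy:
    name: str
    conditions: dict                 # condition attribute -> set of matching values
    permission: str                  # "allow" or "deny"
    profile: dict = field(default_factory=dict)  # connection setting -> allowed values

def evaluate(policies, attempt):
    """Return (decision, policy name, reason) for one connection attempt.

    Simplified model: policies are tried in order, the first one whose
    conditions all match decides, and an attempt matching none is rejected.
    """
    for policy in policies:
        if not all(attempt.get(attr) in values
                   for attr, values in policy.conditions.items()):
            continue                 # conditions do not match, try the next policy
        if policy.permission != "allow":
            return ("reject", policy.name, "permission is deny")
        for setting, allowed in policy.profile.items():
            if attempt.get(setting) not in allowed:
                return ("reject", policy.name, f"profile rejects {setting}")
        return ("accept", policy.name, "conditions, permission and profile satisfied")
    return ("reject", None, "no policy matched")

# Constructed policy set; the profile key "encryption" is a hypothetical name
# for the Encryption tab setting.
POLICIES = [
    Policy("Block weak authentication",
           {"Authentication-Type": {"PAP", "CHAP"}}, "deny"),
    Policy("VPN via head-office RADIUS client",
           {"Client-IP-Address": {"10.0.0.20"}}, "allow",
           {"encryption": {"MPPE-128"}}),
]

# Constructed connection attempt that satisfies the second policy.
STRONG = {"Authentication-Type": "MS-CHAPv2", "Client-IP-Address": "10.0.0.20",
          "encryption": "MPPE-128"}
```

Swapping the order of the two policies would let a PAP connection through the head-office client reach the allow policy first, which is why a deny policy for weak authentication belongs at the top of the list.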

5.28 Figure 5-11: Components of a remote access policy (Skill 3)

5.29 Figure 5-12: Dial-in Constraints tab (Skill 3)

5.30 Figure 5-13: IP tab (Skill 3)

5.31 Figure 5-14: Multilink tab (Skill 3)

5.32 Figure 5-15: Authentication tab (Skill 3)

5.33 Figure 5-16: Encryption tab (Skill 3)

5.34 Figure 5-17: Advanced tab (Skill 3)

